Every tool call your AI makes — logged, governed, and visible to your team.
agenticcontrolplane.com · Dashboard · Docs · What is an ACP?
AI agents don't just chat anymore. They act — reading your data, writing to your tools, running your commands. Some tool calls contain PII. Some carry prompt-injection payloads from content you never vetted. Some run while you sleep.
Tool calls are where risk becomes real. So that's where we govern.
curl -sf https://agenticcontrolplane.com/install.sh | bashOne command auto-detects Claude Code and OpenClaw, installs a governance hook, opens your browser to log in, and starts logging in 30 seconds. For ChatGPT, Claude Desktop, and Lovable, add mcp.agenticcontrolplane.com/mcp as a connector.
- Activity log — every Bash command, file write, web fetch, and MCP tool call, in real time with identity, arguments, and timestamps.
- Policies by agent tier — interactive, subagent, background, and API agents get different rules. Per-tool overrides for anything sensitive.
- Data protection — detect and redact PII, API keys, and secrets in tool inputs before they reach downstream services.
- Prompt-injection detection — post-hook scans flag adversarial patterns in tool responses.
- Team visibility — one dashboard for the whole team. See who called what, set policies that apply to everyone.
- Audit mode — see everything, block nothing. Switch to enforce when you're ready.
AI apps have three actors — user, LLM, backend — but no shared identity layer.
USER (Alice)
│
│ ✓ Authenticated
▼
LLM ──────┐
│ │
│ │ Every tool call:
│ │ • Identified
▼ │ • Authorized
AGENTIC │ • Audited
CONTROL ◀─────┘ • PII-scanned
PLANE • Injection-checked
│
▼
BACKEND / TOOLS
ACP sits at the tool-call boundary. It verifies identity, enforces policy, redacts sensitive data, and writes an immutable audit log — so every AI action is attributable, authorized, and auditable.
ACP is built on top of GatewayStack — our open-source AI governance runtime.
| Repo | What it is |
|---|---|
| GatewayStack | Open-source AI governance runtime — identity, policy, rate limits, routing, audit. Six modular npm packages. |
| claude-code-acp-plugin | Governance plugin for Claude Code. |
| openclaw-acp-plugin | Governance plugin for OpenClaw. |
| gatewaystack-chatgpt-starter | Open-source MCP server starter with OAuth identity and JWT verification. |
The ACP commercial control plane (dashboard, team management, policy engine) is closed source. The runtime, plugins, and reference implementations are open.
- Free — unlimited tool-call logging, policy enforcement, data protection. For individuals.
- Team — per-member activity, per-client and per-user policies. Free during beta.
- Blog / writing → agenticcontrolplane.com/writing
- Report a security issue → see SECURITY.md in GatewayStack
- Everything else → open an issue on the relevant repo above, or email via the contact on agenticcontrolplane.com